Ssl unsuported protocol - ciphe rmismatch with lets encrypt

Answer these questions to help the Community help you with Security questions.

What is the domain name? all

*Have you searched for an answer?*yes

*Please share your search results url:

When you tested your domain using the [Cloudflare Diagnostic Center] what were the results?

Describe the issue you are having:
I have a let’s encrypt ssl on my server and I am using Cloudflare dns. I have full strict. When I disable universal ssl I get the cipher mismatch error. I keep reading if I have a let’s encrypt ssl (for example) i should be able to click disable universal

What error message or number are you receiving?
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What steps have you taken to resolve the issue?

  1. enable Cloudflare universal ssl
  2. pause clloudflare

Was the site working with SSL prior to adding it to Cloudflare?
yees

What are the steps to reproduce the error:

  1. disable universal ssl

Have you tried from another browser and/or incognito mode? yes same error

Please attach a screenshot of the error:

Are you using ACM? If not, then you need universal SSL or Cloudflare can not serve your site via SSL.

2 Likes

No. Sure I read with using full(strict) mode I could disable universal. So does this mean there is no point getting lets encrypt SSL on my server if just using Cloudflare?

You’ll see in the dashboard this diagram under the SSL/TLS section:

The two :lock: symbols on the diagram indicate that there are two certificates - one is your Edge certificate deployed on Cloudflare’s network, and the other is whatever you have configured at your origin.

The SSL mode setting does not change what Edge certificate is displayed, it only changes what Cloudflare does when connecting to your origin - whether it uses HTTP (Flexible) or HTTPS (Full, Full Strict, Strict) and whether it attempts to verify the certificate (Full Strict, Strict) your origin presents. If you have deployed a LetsEncrypt certificate to your origin server and you intend to keep this valid & renew it when it expires, Full Strict is the best option for you.

There must always be an SSL certificate deployed to Cloudflare’s Edge for SSL to work with Cloudflare. If you wanted to upload your own SSL certificate to us instead of the ones Cloudflare offers, you can do that as part of a Business plan.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.